• FBI warns Play ransomware hackers have hit nearly a thousand US firms

    From TechnologyDaily@1337:1/100 to All on Thu Jun 5 15:30:09 2025
    FBI warns Play ransomware hackers have hit nearly a thousand US firms

    Date:
    Thu, 05 Jun 2025 14:28:00 +0000

    Description:
    Play hackers have added phone calls to their extortion tactics, and are targeting more flaws.

    FULL STORY ======================================================================
    Play Ransomware has hit 900 companies so far, new FBI advisory claims
    The group is calling victims on the phone to try and force them to pay the ransom demand
    It also added new vulnerabilities to its arsenal

    Play Ransomware's victim count is approaching four digits, a new warning from top law enforcement and cyber security agencies has revealed, urging businesses to stay on guard against attacks.

    In an updated security advisory, published by the FBI, CISA, and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), the agencies said that Play and its affiliates had exploited approximately 900 entities.

    Play Ransomware, also known as Playcrypt, is an infamous ransomware operator. It is known for using the atypical triple-extortion method in which, besides encrypting and exfiltrating files, it also calls its victims on the phone to convince them to pay up.

    SimpleHelp flaws targeted

    The agencies' security advisory has been updated to reflect changes Play and its affiliates have made recently. For example, it was said that each victim gets a unique @gmx.de or @web.de email address, through which they're invited to communicate with the attackers.

    Furthermore, the group seems to have added new vulnerabilities to the ones it was already targeting. Besides the FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell, CVE-2022-41040 and CVE-2022-41082) bugs, the affiliates are now exploiting CVE-2024-57727 in the remote monitoring and management (RMM) tool SimpleHelp, which they use to gain remote code execution (RCE).

    This vulnerability was first spotted in mid-January 2025 and has been exploited since.

    To make things even worse, the agencies say that the Play ransomware binary is recompiled for every attack, which means each deployment carries a new, unique hash. This defeats hash-based indicators and complicates detection by anti-malware and antivirus programs.

    Play was first spotted around 2020 and, in the past, was known for targeting Windows-powered devices, but in late July 2024 security researchers saw a Linux variant targeting VMware ESXi environments.

    In a technical breakdown, Trend Micro's Threat Hunting team said at the time that it was the first time Play had been seen targeting ESXi environments, and that the criminals could be broadening their attacks across the Linux platform.

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fbi-warns-play-ransomware-hackers-have-hit-nearly-a-thousand-us-firms


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)